1. INTRODUCTION

Security maneuver is primarily a data curation problem in which incident data, together with human operations, is used to develop infrastructure robustness over time. Geography in the digital form of a gml file is, in mathematics, the concept of graph study, which is designed to structure associations between nodes, connection lines, and vertices. In computer network security, a method based on geography focuses on the context of security incidents by graphing network components and data streams. Extracting security context based upon the geography concept helps shift the mentality of incident responders from regular process-driven operation to progressive data analytics. It can also improve efficiency and help secure day-to-day operations by inaugurating an intelligent system to prevent future attacks. A system with more context on individual well-known attacks gives analysts an informal association of how the current attack relates to historical incidents or upcoming ones. It is appropriate to audit the security system and swap outdated ones with advanced analytics. Data security using a biometric authentication approach over a cloud computing network has been recommended in [1].

With the increasing demand on the use of technology, it becomes more and more important to protect online information. Network security has steadily become one of the critical tools for leveraging computer systems. Analysis by incident experts is time-consuming [2], and it is difficult to store up-to-date security information for network nodes. A risk assessment model based on the attack graph has been introduced in [3]. The model adopts agents and risk association analysis into the design. An attack graph algorithm is used to collect security information dynamically. The graph to assess the overall risk of any network can be computed [4]. Attack route, risk index, and hostname are attained in order to quantify risk assessment at a particular network node. The experimental results show the effectiveness and validation of the model. Once security warnings are inspected and taken into account as isolated, independent incidents, security analysts face the problem of how to determine patterns and relations in order to identify the associations and source of the attack. In many cases, the incident data that analysts collect is unstructured and not warehoused in a fashion that avails for automation. Recently, the analysis of security alerts using network coding in wireless communication network has been presented in [5]. However, latency reduction, improved quality of the wireless connection and increased throughput are the main objectives of that research. There have been several pieces of research based on network coding for the improvement of network efficiency in wireless environments. Network coding offers the advantage of increased throughput and efficiency, as it can handle higher traffic than the conventional network [6].

Security can be monitored as a basic requirement for any computer network, as described in [7]. The traffic graph concept has been introduced and used to help identify the network structure. From the point of view of the adjacency matrix, potential risks are assessed and the attack is located. Multiple attacks and steps are also traced in case of a critical situation. The approaches based on a general graph concept [8-12] focus on medical images, human life, network security, traffic and transportation. In order to monitor network traffic in real time, the system needs a reliable scheduling mechanism, as mentioned in [13]. The connection analysis and traffic flow of a routing mechanism have been proposed by [14], but the set of connections can only be applied to the static wireless network. The distributed network coding-aware routing which tolerates packets from two directional flows is encrypted as suggested in [6]. In this paper, network security is evaluated by employing the attack associated with the undirected geography. Related to this, the digital geography, which is an undirected graph, is adapted to analyze the attack based on network security metrics. It becomes more effective if security metrics tend to concentrate on individual network nodes, but with longer latency and queues. Thus, the analysis is not a good application for time-sensitive services like multimedia or big data. Moreover, once an intermediate router gets an acknowledged packet, it has to relay it, and this results in augmented delay.

The research centers on evaluating computer network security based on the attack records from undirected geography. All metrics generated by AUG are considered for the security issue. First, the computer network is geographed to compute all relevant parameters. Second, assumptions for the attack model are set, and these variables are used to calculate the possibility of attacks. Lastly, results and analysis are discussed in order to give recommendations for future research.


2. DIRECTED AND UNDIRECTED GEOGRAPHY 
2.1. Directed Geography Model 

A digital geography can be mathematically constructed from two components: a set of vertices and the edges that link them. In order to model a computer network as a geography representation, one considers the network topology and the link (connection) per se [15]. In general, computer nodes are geographed to symbolize devices structured in the network environments, while edges represent communication channels for the information flow. Edges also direct the flow of the traffic between nodes. A geography called a directed geography consists of no multiple edges nor self-loops (the diagonal of its adjacency matrix is zero). A directed geograph G represents a well-organized but imperfectly connected triple $(V(G), E(G), I_G)$, where V(G) is a set of vertices, E(G) is a set of edges and $I_G$ is an incidence function associating with each edge of G, as displayed in Figure 1.





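Directed geography (diagram not reproduced), with its adjacency matrix A and incidence matrix I:

$$A = \begin{bmatrix} 0 & 0 & 0 & 1 & 0 \\ 0 & 0 & 0 & 1 & 1 \\ 0 & 1 & 0 & 0 & 0 \\ 0 & 0 & 0 & 0 & 1 \\ 0 & 0 & 0 & 0 & 0 \end{bmatrix}, \qquad I = \begin{bmatrix} 0 & 0 & 0 & 1 & 0 \\ 0 & 0 & -1 & 1 & 1 \\ 0 & 1 & 0 & 0 & 0 \\ 1 & -1 & 0 & 0 & 1 \\ 0 & -1 & 0 & -1 & 0 \end{bmatrix}$$

Figure 1. The adjacency matrix (A) and incidence matrix (I) representation of directed geography on five vertices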


2.2. Undirected Geography Model 

The dissimilarity between an undirected and a directed geography is that the undirected geography becomes a strongly connected one. This is more apparent if the roads or streets of a city are not one-way. If the streets are well connected, then any part of the city is accessible from any other. Undirected edges are strongly connected but not well-organized pairs of vertices. If all edges are undirected, or bi-directional, then the computer network is called an undirected network (geography). In this research, all geographies are undirected and finite, with optional self-loops and multiple edges. Let an undirected geograph G represent a disordered but perfectly connected triple $(V(G), E(G), I_G)$, where V(G) is a set of vertices, E(G) is a set of edges and $I_G$ is an incidence function associating with each edge of G, as shown in Figure 2. Assume that G consists of n vertices and m edges. Thus the incidence matrix $[I]_{n \times m} = [d_{ij}]$ with regard to V(G) and E(G), where





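$$d_{ij} = \begin{cases} 1, & \text{when edge } e_j \text{ is incident with } v_i, \\ 0, & \text{elsewhere.} \end{cases} \qquad (1)$$

Undirected geography (diagram not reproduced), with its adjacency matrix A and incidence matrix I:

$$A = \begin{bmatrix} 0 & 0 & 0 & 1 & 0 \\ 0 & 0 & 1 & 1 & 1 \\ 0 & 1 & 0 & 0 & 0 \\ 1 & 1 & 0 & 0 & 1 \\ 0 & 1 & 0 & 1 & 0 \end{bmatrix}, \qquad I = \begin{bmatrix} 0 & 0 & 0 & 1 & 0 \\ 0 & 0 & 1 & 1 & 1 \\ 0 & 1 & 0 & 0 & 0 \\ 1 & 1 & 0 & 0 & 1 \\ 0 & 1 & 0 & 1 & 0 \end{bmatrix}$$

Figure 2. The adjacency matrix (A) and incidence matrix (I) representation of undirected geography on five vertices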


2.3. Attack Analytical Model 

The attack geography approach is a basic tool to assess the security of a computer network [16]. It has been used to model the vulnerabilities of computer systems and their prospective activities. The effective activity leading to minimal loss or damage of the systems is a matter of security concern. The task has been performed in detecting, modeling, analyzing, and facilitating the attacks. In general, however, geographies are complicated and too hefty to be interpreted and comprehended by security analysts. Therefore, in order to determine vulnerabilities in the computer network and simplify the representation of a target system, an attack geography corresponding to the target network must first be generated for analysis and response. A vulnerability-based attack can be graphed out, where the condition denotes the system's state space or security-related vulnerability, and activities are modeled for analysis. This also helps prioritize the security responses in terms of both repair and integrity. The proposed algorithm shown in Figure 3 is adopted to identify the attacks.


Proposed Algorithm

Require: Geography dataset matrix which contains n rows and n columns; list of vulnerability IDs (VID)
Procedure: Find all possible paths under VID attacks from m nodes being attacked; max. no. of edges per node in the network topology = e

for i = 1 to m do
    for j = 1 to e do
        V.Path = All.Paths ∈ Vul.Path.Check = True    /** Vulnerability found **/
    end for
    Compute AS[i]    /** Compute severity **/
end for
Compute a
Set order to outclass k ∈ {1, 2, 3, ..., m} associated to severity level a    /** Priority sequence from highest to lowest severity level **/
for ∀k ∈ m do
    Outclass node k corresponding to k sequence
end for


Figure 3. The proposed algorithm for downsizing nodes under attack

The adjacency matrix $A_{n \times n}$ represents the link of an individual edge in the attack geography. Thus the adjacency matrix points out every step in the attack. Put the other way round, the rows and columns of A have to be taken into account in order to trace attack steps. Obviously, A can be raised to any matrix product without upsetting the original structure of the attack geography, as listed in Equation (2). The performance of the partition algorithm discussed in [17] can be used to obtain a shorter processing time as well as to avoid complexity in calculation, the cost of which is not beyond O(n’). Moreover, in the case of big data processing, a solution for missing and impaired datasets presented in [18] can be utilized.


$$A^{n} = \prod_{n} A \qquad (2)$$
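
The step-tracing use of the adjacency matrix described above can be made concrete with a short added example (not code from the paper). It takes the five-vertex directed adjacency matrix of Figure 1 and relies on the standard fact that entry (i, j) of the k-th power of A counts the k-step walks from vertex i to vertex j; the function names are illustrative.

```python
# Directed adjacency matrix of the five-vertex example in Figure 1.
# Row i, column j is 1 when there is an edge from vertex i+1 to vertex j+1.
A = [
    [0, 0, 0, 1, 0],
    [0, 0, 0, 1, 1],
    [0, 1, 0, 0, 0],
    [0, 0, 0, 0, 1],
    [0, 0, 0, 0, 0],
]

def matmul(x, y):
    """Plain integer matrix product of two square matrices."""
    n = len(x)
    return [[sum(x[i][k] * y[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]

def matpow(a, k):
    """k-th power of a, starting from the identity matrix."""
    n = len(a)
    result = [[int(i == j) for j in range(n)] for i in range(n)]
    for _ in range(k):
        result = matmul(result, a)
    return result

def walks(a, src, dst, k):
    """Number of k-step attack walks from vertex src to dst (1-indexed)."""
    return matpow(a, k)[src - 1][dst - 1]

def reachable_within(a, src, max_steps):
    """Map each vertex reachable from src to the fewest steps that reach it."""
    first = {}
    for k in range(1, max_steps + 1):
        row = matpow(a, k)[src - 1]
        for j, count in enumerate(row, start=1):
            if count and j not in first:
                first[j] = k
    return first

if __name__ == "__main__":
    # A foothold on vertex 3 reaches vertex 2 in one step, 4 and 5 in two.
    print(reachable_within(A, 3, 4))
    # Two distinct routes from 3 to 5: one of length 2, one of length 3.
    print(walks(A, 3, 5, 2), walks(A, 3, 5, 3))
    # The graph has no cycles, so no attack walk is longer than three steps.
    print(matpow(A, 4))
```
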

Let us assume an attack probability based upon each vulnerability ($P_a$) can be computed as follows:
Pq = [Viz Divi (3) 


where $v_i$ is defined as the $i$-th vulnerability employed by the attacker while $p_i$ means the attack probability of the according vulnerability. Note that vulnerabilities in this paper are identified by their IDs as listed by the National Vulnerability Database. In order to identify the attack path, a geography of the computer network demonstrates the connection between the node being attacked by vulnerabilities and particular edges. A geography displays the penetration of vulnerabilities. A vulnerability-based attack geography can thus be pictured, and vulnerability attack paths are then graphed where a security issue develops the state space. For instance, it is assumed that there are three different vulnerabilities in the current network topology, $v_1$, $v_2$ and $v_3$. Their dependencies are $v_1 \to v_2 \to v_3$, which means $v_1$ is the successor of $v_2$ and $v_3$ is the successor of $v_2$ respectively. Suppose node 1 ($N_1$) was detected by ($v_1$, $v_2$), $N_2$ was detected by ($v_2$, $v_3$) and $N_3$ was detected by ($v_1$, $v_3$). All possible attack paths developed by the aforementioned three vulnerabilities can be alerted as shown in Table 1. An attack path is a set consisting of the series of nodes and activities needed to achieve the attack goal. The activities are inclusive not only of vulnerabilities and their associations but also of the normalized value (where $|u| = 1$) of parameters such as load (L), Eigenvalue (E), random-walk (R), closeness (C), degree (D), and cliques (CL) and the weight in the attack path. The attack severity (AS) can be quantified by the computation of

$$AS = P_a \cdot L \cdot E \cdot R \cdot C \cdot D \cdot CL \qquad (4)$$


Table 1. Possible attack paths.

$N_1v_1 \to N_1v_2 \to N_3v_3$    $N_3v_1 \to N_2v_2 \to N_2v_3$
$N_1v_1 \to N_1v_2 \to N_2v_3$    $N_3v_1 \to N_2v_2 \to N_3v_3$
$N_1v_1 \to N_2v_2 \to N_3v_3$    $N_3v_1 \to N_1v_2 \to N_2v_3$
$N_1v_1 \to N_2v_2 \to N_2v_3$    $N_3v_1 \to N_1v_2 \to N_3v_3$
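
The eight paths of Table 1 can be derived mechanically from the detection data given in the text. The following added example (not code from the paper) does so, reading the dependency chain as exploitation order v1, then v2, then v3, as the table does; the function names are illustrative. It also shows how remediating one finding shrinks the path set, which is the defender's use of such a table.

```python
from itertools import product

# Exploitation order taken from Table 1: v1 first, then v2, then v3.
CHAIN = ["v1", "v2", "v3"]

# Vulnerabilities detected on each node, as stated in the text.
DETECTED = {
    "N1": {"v1", "v2"},
    "N2": {"v2", "v3"},
    "N3": {"v1", "v3"},
}

def hosts_for(vuln, detected):
    """Nodes on which the given vulnerability was detected."""
    return sorted(node for node, vulns in detected.items() if vuln in vulns)

def attack_paths(chain, detected):
    """Every way to pick one vulnerable node per step of the chain.

    If some step has no vulnerable node the chain is broken and the
    result is empty.
    """
    per_step = [[(node, v) for node in hosts_for(v, detected)] for v in chain]
    return [list(path) for path in product(*per_step)]

def fmt(path):
    """Render a path in the notation of Table 1."""
    return " -> ".join(f"{node}{vuln}" for node, vuln in path)

def paths_after_patching(chain, detected, node, vuln):
    """Attack paths that remain once vuln is remediated on node."""
    patched = {n: (vs - {vuln} if n == node else set(vs))
               for n, vs in detected.items()}
    return attack_paths(chain, patched)

if __name__ == "__main__":
    for path in attack_paths(CHAIN, DETECTED):
        print(fmt(path))
    remaining = paths_after_patching(CHAIN, DETECTED, "N1", "v2")
    print(len(remaining), "paths remain after fixing v2 on N1")
```
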


It is noted that typically several attack paths occur simultaneously in the target geography. Intuitively, the higher the number of distributed attacks, the lower the security, as the attacker possibly achieves his goal. In order to avoid such a successful attack, the highest figure of AS among all attacks ($a$), which is defined by Equation (5), must be discovered and discarded.

$$a = \max_{i \in n} AS_i \qquad (5)$$
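
Equations (4) and (5) and the ordering step of Figure 3 are illustrated by the added example below (not code from the paper). The node numbers and probabilities echo the simulation in Section 4, but their pairing and all metric values are constructed for illustration. Because AS is a pure product, any metric normalized to 0 forces AS to 0 regardless of the attack probability, so the example also reports nodes whose severity is masked in that way.

```python
from math import prod

# Normalized metrics of Equation (4): load, eigenvalue, random-walk,
# closeness, degree, cliques.
METRICS = ("L", "E", "R", "C", "D", "CL")

def attack_severity(p_a, metrics):
    """Equation (4): AS = P_a * L * E * R * C * D * CL."""
    return p_a * prod(metrics[m] for m in METRICS)

def prioritize(attacked):
    """Return (severity per node, nodes by descending AS, a, masked nodes).

    'a' is the maximum severity of Equation (5). 'masked' lists nodes with a
    non-zero attack probability whose AS is 0 because one metric is 0.
    """
    severity = {node: attack_severity(d["p_a"], d["metrics"])
                for node, d in attacked.items()}
    order = sorted(severity, key=severity.get, reverse=True)
    a = severity[order[0]]
    masked = [n for n in order
              if attacked[n]["p_a"] > 0 and severity[n] == 0]
    return severity, order, a, masked

# Constructed sample input: metric values are illustrative, not the paper's.
SAMPLE = {
    14: {"p_a": 0.5,
         "metrics": dict(L=0.5, E=0.5, R=0.5, C=1.0, D=1.0, CL=1.0)},
    37: {"p_a": 0.3,
         "metrics": dict(L=0.5, E=0.25, R=0.5, C=1.0, D=1.0, CL=1.0)},
    42: {"p_a": 0.2,
         "metrics": dict(L=0.0, E=1.0, R=1.0, C=1.0, D=1.0, CL=1.0)},
}

if __name__ == "__main__":
    severity, order, a, masked = prioritize(SAMPLE)
    print("protect in this order:", order)
    print("highest severity a =", a)
    print("zeroed by a 0-valued metric:", masked)
```
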


3. NETWORK SECURITY MODEL 

Usually, no security analyst likes to experience an attack, but attacks occur extensively. Lowering the damage cost of attacks helps lead to increased productivity. If rapid protection is not provided, the damage cost rises exponentially. Specific models and procedures are therefore required to quickly analyze the attack activities. The geography model of a computer network is the common graph concept, producing a graph structure in the format of geography markup language (gml). GML models are appropriate for the design of computer networks in the senses of control, traffic management, and processing capacities [19]. The gml model used in this research is introduced in this section. It is assumed that the target computer network is composed of n independent nodes stored in the dataset. The geography dataset is an input of the simulation, in which the geography of the corresponding network is drawn out as depicted in Figure 4. The network consists of several components such as computers, servers, network hubs, routers, switches and other interconnected devices. The simulation is used to measure the network metrics listed in the previous section, such as cliques, closeness, degree, etc. Thus the attack severity is computed by Equation (4) based on vulnerabilities, attack paths, and network metrics. A surgery application using simulation as a prototype can be found in [20].

Figure 4. The geography of computer network with hundred nodes


4. SIMULATION RESULTS AND ANALYSIS 

In order to simulate the attack geography, the initial structure of the synthetic gml dataset with 62 nodes is generated as shown in Figure 5. Different vulnerabilities based upon VID from the National Vulnerability Database (#7419, #7434 and #9276) are also set up to attack three dissimilar nodes (nodes 14, 37 and 42). The attack probabilities are assumed to be 0.5, 0.3 and 0.2 for $v_1$, $v_2$ and $v_3$ respectively. The alert of successful attacks on specific nodes is displayed on the attack geography as depicted in Figure 6. In order to compute AS, normalized parameters from the attack geography in Figure 5 are taken into account, as summarized in Table 2. Note that the results displayed in Table 2 are only the possible figures for each parameter in ascending order, rather than a detailed summary per individual node. Attack severity is calculated as shown in Table 3. It is apparent that node 14 needs to be protected immediately, as it exhibits the highest AS compared to the others.

Figure 5. The initial attack geography with 62 network nodes

Figure 6. The geography with specific nodes under attack


Table 2. Simulation results (Nodes = 62)

L E R C D CL
0 0.04 0 459 1.96 1
0.06 0.1 0.05 3
0.18 0.18 0.11
0.38 0.23 0.17
0.5 0.26 0.22
0.62 0.29 0.28
0.34
0.45
0.63
0.68

Table 3. Attack severity results

VID      AS
#7419    0.416
#7434    0.36
#9276    0.224


5. CONCLUSION 

Quantitative evaluation of computer network security [21-25] has a critical impact on the pro-active operation of network protection. The existing approaches are short of a self-controllable mechanism; thus an appropriate security model has been presented in this paper. In this regard, the proposed algorithm to evaluate the security of computer networks is presented. The main contribution of this research is to help analyze AUG to discover the spotted attack in the geography. In practice, AUG is fundamentally complex and outsized, so it is not easy to comprehend. The proposed algorithm helps streamline the geography and makes it comprehensible for security analysts. The proposed algorithm calculates the attack severity of vulnerabilities. The simulation results give a significant immediate response in order to protect the computer networks. Further investigation may include cost-effectiveness analysis for the case of multiple attacks. Assuming the occurrence of vulnerability attacks follows a Markov chain, an approximation method can be used to reduce the complexity of simulation execution in the next study.